Problem solve Get help with specific problems with your technologies, process and projects.

AT&T email address security breach: Can hackers track a SIM card?

Recently, a security breach at AT&T exposed the email addresses of thousands of its customers, but that may not be the biggest threat. In this expert response, Nick Lewis explains what could be the result of this breach.

Can you explain the recent hack involving the compromise of thousands of email addresses? Was it Apple's fault or AT&T? Is there really a risk that users' location data may be compromised as well?
The recent Web security attack involving an email address security breach and compromise of SIM card serial numbers of iPad owners appears to be AT&T Inc.'s fault. According to Ed Amoroso, chief security officer at AT&T, the company pre-populated its website with email addresses to make renewal easier for users, and the attackers were able to exploit a vulnerability in AT&T's website to extract the data. While AT&T appears to be responsible for the security of the system, Apple Inc. should have been doing its due diligence to ensure its partners adequately protected its customers' sensitive data.

The exposure of email addresses of important or famous people has been getting the most attention in this attack, but the breach of SIM card serial numbers (which are related to ICC-IDs and IMI numbers used in the cellular system) is potentially much more significant. These numbers are used for determining the location of the cell phone/device and could put people at higher risk of having their locations tracked by unknown persons via their cell phones. In order to track a SIM card the attacker would need access to the cellular network, but such access could be easily gained and would allow the attacker to track and target an individual cell phone. Enterprises should make sure they are aware of the risk to the physical security of their users who have been exposed as a result of this attack and take precautions, like advising high-risk employees to turn their phones off when not in use.

This was last published in July 2010

Dig Deeper on Mobile security threats and prevention

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.